archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/base/cluster/resdll/smbshare/dumpsd.c

787 lines
26 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1996 Microsoft Corporation
  5. Module Name:
  7. dumpsd.c
  9. Abstract:
  11. Dump security desc., ACLs, and access masks to the log. This is resource
  12. specific but otherwise identical to the routines in clusrtl\security.c
  14. Author:
  16. Charlie Wickham (charlwi) 12/05/00
  18. Revision History:
  20. --*/
  22. #define UNICODE 1
  23. #include "clusres.h"
  24. #include "clusrtl.h"
  25. #include "lm.h"
  26. #include "lmerr.h"
  27. #include "lmshare.h"
  28. #include <dfsfsctl.h>
  29. #include <srvfsctl.h>
  30. #include <lmdfs.h>
  32. #define g_LogEvent ClusResLogEvent
  34. static VOID
  35. SmbGetSidTypeDesc(
  36. SID_NAME_USE SidType,
  37. LPSTR pszSidType,
  38. size_t cchSidType
  39. )
  41. /*++
  43. Routine Description:
  45. Convert the SidType into a meaningful string.
  47. Arguments:
  49. SidType -
  50. pszSidType
  51. cchSidType
  53. Return Value:
  55. none
  57. --*/
  59. {
  61. if ((pszSidType != NULL) && (cchSidType > 0))
  62. {
  63. char szSidType [128];
  65. switch (SidType) {
  66. case SidTypeUser:
  67. lstrcpyA(szSidType, "has a user SID for");
  68. break;
  70. case SidTypeGroup:
  71. lstrcpyA(szSidType, "has a group SID for");
  72. break;
  74. case SidTypeDomain:
  75. lstrcpyA(szSidType, "has a domain SID for");
  76. break;
  78. case SidTypeAlias:
  79. lstrcpyA(szSidType, "has an alias SID for");
  80. break;
  82. case SidTypeWellKnownGroup:
  83. lstrcpyA(szSidType, "has a SID for a well-known group for");
  84. break;
  86. case SidTypeDeletedAccount:
  87. lstrcpyA(szSidType, "has a SID for a deleted account for");
  88. break;
  90. case SidTypeInvalid:
  91. lstrcpyA(szSidType, "has an invalid SID for");
  92. break;
  94. case SidTypeUnknown:
  95. lstrcpyA(szSidType, "has an unknown SID type:");
  96. break;
  98. default:
  99. szSidType [0] = '\0';
  100. break;
  102. } // switch: SidType
  104. strncpy(pszSidType, szSidType, cchSidType);
  106. } // if: buffer not null and has space allocated
  108. } //*** SmbGetSidTypeDesc()
  110. static VOID
  111. SmbExamineSid(
  112. RESOURCE_HANDLE ResourceHandle,
  113. PSID pSid,
  114. LPSTR lpszOldIndent
  115. )
  117. /*++
  119. Routine Description:
  121. Dump the SID.
  123. Arguments:
  125. pSid -
  126. lpzOldIndent -
  128. Return Value:
  130. none
  132. --*/
  134. {
  135. CHAR szUserName [128];
  136. CHAR szDomainName [128];
  137. DWORD cbUser = sizeof(szUserName);
  138. DWORD cbDomain = sizeof(szDomainName);
  139. SID_NAME_USE SidType;
  141. if ( LookupAccountSidA( NULL, pSid, szUserName, &cbUser, szDomainName, &cbDomain, &SidType ) )
  142. {
  143. char szSidType [128];
  145. SmbGetSidTypeDesc( SidType, szSidType, sizeof( szSidType ) );
  146. (g_LogEvent)(ResourceHandle,
  147. LOG_INFORMATION,
  148. L"%1!hs!%2!hs! %3!hs!\\%4!hs!\n",
  149. lpszOldIndent, szSidType, szDomainName, szUserName ) ;
  150. }
  152. } // *** SmbExamineSid()
  154. VOID
  155. SmbExamineMask(
  156. RESOURCE_HANDLE ResourceHandle,
  157. ACCESS_MASK amMask
  158. )
  160. /*++
  162. Routine Description:
  164. Dump the AccessMask context.
  166. Arguments:
  168. amMask -
  169. lpzOldIndent -
  171. Return Value:
  173. none
  175. --*/
  177. {
  178. #define STANDARD_RIGHTS_ALL_THE_BITS 0x00FF0000L
  179. #define GENERIC_RIGHTS_ALL_THE_BITS 0xF0000000L
  181. DWORD dwGenericBits;
  182. DWORD dwStandardBits;
  183. DWORD dwSpecificBits;
  184. DWORD dwAccessSystemSecurityBit;
  185. DWORD dwExtraBits;
  187. dwStandardBits = (amMask & STANDARD_RIGHTS_ALL_THE_BITS);
  188. dwSpecificBits = (amMask & SPECIFIC_RIGHTS_ALL );
  189. dwAccessSystemSecurityBit = (amMask & ACCESS_SYSTEM_SECURITY );
  190. dwGenericBits = (amMask & GENERIC_RIGHTS_ALL_THE_BITS );
  192. // **************************************************************************
  193. // *
  194. // * Print then decode the standard rights bits
  195. // *
  196. // **************************************************************************
  198. (g_LogEvent)(ResourceHandle,
  199. LOG_INFORMATION,
  200. L" Standard Rights == 0x%1!.8x!\n", dwStandardBits);
  202. if (dwStandardBits) {
  204. if ((dwStandardBits & DELETE) == DELETE) {
  205. (g_LogEvent)(ResourceHandle,
  206. LOG_INFORMATION,
  207. L" 0x%1!.8x! DELETE\n", DELETE);
  208. }
  210. if ((dwStandardBits & READ_CONTROL) == READ_CONTROL) {
  211. (g_LogEvent)(ResourceHandle,
  212. LOG_INFORMATION,
  213. L" 0x%1!.8x! READ_CONTROL\n", READ_CONTROL);
  214. }
  216. if ((dwStandardBits & STANDARD_RIGHTS_READ) == STANDARD_RIGHTS_READ) {
  217. (g_LogEvent)(ResourceHandle,
  218. LOG_INFORMATION,
  219. L" 0x%1!.8x! STANDARD_RIGHTS_READ\n", STANDARD_RIGHTS_READ);
  220. }
  222. if ((dwStandardBits & STANDARD_RIGHTS_WRITE) == STANDARD_RIGHTS_WRITE) {
  223. (g_LogEvent)(ResourceHandle,
  224. LOG_INFORMATION,
  225. L" 0x%1!.8x! STANDARD_RIGHTS_WRITE\n", STANDARD_RIGHTS_WRITE);
  226. }
  228. if ((dwStandardBits & STANDARD_RIGHTS_EXECUTE) == STANDARD_RIGHTS_EXECUTE) {
  229. (g_LogEvent)(ResourceHandle,
  230. LOG_INFORMATION,
  231. L" 0x%1!.8x! STANDARD_RIGHTS_EXECUTE\n", STANDARD_RIGHTS_EXECUTE);
  232. }
  234. if ((dwStandardBits & WRITE_DAC) == WRITE_DAC) {
  235. (g_LogEvent)(ResourceHandle,
  236. LOG_INFORMATION,
  237. L" 0x%1!.8x! WRITE_DAC\n", WRITE_DAC);
  238. }
  240. if ((dwStandardBits & WRITE_OWNER) == WRITE_OWNER) {
  241. (g_LogEvent)(ResourceHandle,
  242. LOG_INFORMATION,
  243. L" 0x%1!.8x! WRITE_OWNER\n", WRITE_OWNER);
  244. }
  246. if ((dwStandardBits & SYNCHRONIZE) == SYNCHRONIZE) {
  247. (g_LogEvent)(ResourceHandle,
  248. LOG_INFORMATION,
  249. L" 0x%1!.8x! SYNCHRONIZE\n", SYNCHRONIZE);
  250. }
  252. if ((dwStandardBits & STANDARD_RIGHTS_REQUIRED) == STANDARD_RIGHTS_REQUIRED) {
  253. (g_LogEvent)(ResourceHandle,
  254. LOG_INFORMATION,
  255. L" 0x%1!.8x! STANDARD_RIGHTS_REQUIRED\n", STANDARD_RIGHTS_REQUIRED);
  256. }
  258. if ((dwStandardBits & STANDARD_RIGHTS_ALL) == STANDARD_RIGHTS_ALL) {
  259. (g_LogEvent)(ResourceHandle,
  260. LOG_INFORMATION,
  261. L" 0x%1!.8x! STANDARD_RIGHTS_ALL\n", STANDARD_RIGHTS_ALL);
  262. }
  264. dwExtraBits = dwStandardBits & (~(DELETE
  265. | READ_CONTROL
  266. | STANDARD_RIGHTS_READ
  267. | STANDARD_RIGHTS_WRITE
  268. | STANDARD_RIGHTS_EXECUTE
  269. | WRITE_DAC
  270. | WRITE_OWNER
  271. | SYNCHRONIZE
  272. | STANDARD_RIGHTS_REQUIRED
  273. | STANDARD_RIGHTS_ALL));
  274. if (dwExtraBits) {
  275. (g_LogEvent)(ResourceHandle,
  276. LOG_INFORMATION,
  277. L" Extra standard bits == 0x%1!.8x! <-This is a problem, should be all 0s\n",
  278. dwExtraBits);
  279. }
  280. }
  282. (g_LogEvent)(ResourceHandle,
  283. LOG_INFORMATION,
  284. L" Specific Rights == 0x%1!.8x!\n", dwSpecificBits);
  286. // **************************************************************************
  287. // *
  288. // * Print then decode the ACCESS_SYSTEM_SECURITY bit
  289. // *
  290. // *************************************************************************
  292. (g_LogEvent)(ResourceHandle,
  293. LOG_INFORMATION,
  294. L" Access System Security == 0x%1!.8x!\n", dwAccessSystemSecurityBit);
  296. // **************************************************************************
  297. // *
  298. // * Print then decode the generic rights bits, which will rarely be on
  299. // *
  300. // * Generic bits are nearly always mapped by Windows NT before it tries to do
  301. // * anything with them. You can ignore the fact that generic bits are
  302. // * special in any way, although it helps to keep track of what the mappings
  303. // * are so that you don't have any surprises
  304. // *
  305. // * The only time the generic bits are not mapped immediately is if they are
  306. // * placed in an inheritable ACE in an ACL, or in an ACL that will be
  307. // * assigned by default (such as the default DACL in an access token). In
  308. // * that case they're mapped when the child object is created (or when the
  309. // * default DACL is used at object creation time)
  310. // *
  311. // **************************************************************************
  313. (g_LogEvent)(ResourceHandle,
  314. LOG_INFORMATION,
  315. L" Generic Rights == 0x%1!.8x!\n", dwGenericBits);
  317. if (dwGenericBits) {
  319. if ((dwGenericBits & GENERIC_READ) == GENERIC_READ) {
  320. (g_LogEvent)(ResourceHandle,
  321. LOG_INFORMATION,
  322. L" 0x%1!.8x! GENERIC_READ\n", GENERIC_READ);
  323. }
  325. if ((dwGenericBits & GENERIC_WRITE) == GENERIC_WRITE) {
  326. (g_LogEvent)(ResourceHandle,
  327. LOG_INFORMATION,
  328. L" 0x%1!.8x! GENERIC_WRITE\n", GENERIC_WRITE);
  329. }
  331. if ((dwGenericBits & GENERIC_EXECUTE) == GENERIC_EXECUTE) {
  332. (g_LogEvent)(ResourceHandle,
  333. LOG_INFORMATION,
  334. L" 0x%1!.8x! GENERIC_EXECUTE\n", GENERIC_EXECUTE);
  335. }
  337. if ((dwGenericBits & GENERIC_ALL) == GENERIC_ALL) {
  338. (g_LogEvent)(ResourceHandle,
  339. LOG_INFORMATION,
  340. L" 0x%1!.8x! GENERIC_ALL\n", GENERIC_ALL);
  341. }
  343. dwExtraBits = dwGenericBits & (~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL));
  344. if (dwExtraBits) {
  345. (g_LogEvent)(ResourceHandle,
  346. LOG_INFORMATION,
  347. L" Extra generic bits == 0x%1!.8x! <-This is a problem, should be all 0s\n",
  348. dwExtraBits);
  349. }
  350. }
  352. } // *** SmbExamineMask()
  354. static BOOL
  355. SmbExamineACL(
  356. RESOURCE_HANDLE ResourceHandle,
  357. PACL paclACL
  358. )
  360. /*++
  362. Routine Description:
  364. Dump the Access Control List context.
  366. Return Value:
  368. none
  370. --*/
  372. {
  373. ACL_SIZE_INFORMATION asiAclSize;
  374. ACL_REVISION_INFORMATION ariAclRevision;
  375. DWORD dwBufLength;
  376. DWORD dwAcl_i;
  377. ACCESS_ALLOWED_ACE * paaAllowedAce;
  379. if (!IsValidAcl(paclACL)) {
  380. (g_LogEvent)(ResourceHandle,
  381. LOG_INFORMATION,
  382. L" SmbExamineACL() - IsValidAcl() failed.\n");
  383. return FALSE;
  384. }
  386. dwBufLength = sizeof(asiAclSize);
  388. if (!GetAclInformation(paclACL, &asiAclSize, dwBufLength, AclSizeInformation)) {
  389. (g_LogEvent)(ResourceHandle,
  390. LOG_INFORMATION,
  391. L" SmbExamineACL() - GetAclInformation failed.\n");
  392. return FALSE;
  393. }
  395. dwBufLength = sizeof(ariAclRevision);
  397. if (!GetAclInformation(paclACL, (LPVOID) &ariAclRevision, dwBufLength, AclRevisionInformation)) {
  398. (g_LogEvent)(ResourceHandle,
  399. LOG_INFORMATION,
  400. L" SmbExamineACL() - GetAclInformation failed\n");
  401. return FALSE;
  402. }
  404. (g_LogEvent)(ResourceHandle,
  405. LOG_INFORMATION,
  406. L" ACL has %1!d! ACE(s), %2!d! bytes used, %3!d! bytes free\n",
  407. asiAclSize.AceCount,
  408. asiAclSize.AclBytesInUse,
  409. asiAclSize.AclBytesFree);
  411. switch (ariAclRevision.AclRevision) {
  412. case ACL_REVISION1:
  413. (g_LogEvent)(ResourceHandle,
  414. LOG_INFORMATION,
  415. L" ACL revision is %1!d! == ACL_REVISION1\n", ariAclRevision.AclRevision);
  416. break;
  417. case ACL_REVISION2:
  418. (g_LogEvent)(ResourceHandle,
  419. LOG_INFORMATION,
  420. L" ACL revision is %1!d! == ACL_REVISION2\n", ariAclRevision.AclRevision);
  421. break;
  422. default:
  423. (g_LogEvent)(ResourceHandle,
  424. LOG_INFORMATION,
  425. L" ACL revision is %1!d! == Unrecognized ACL Revision.\n",
  426. ariAclRevision.AclRevision);
  427. return FALSE;
  428. break;
  429. }
  431. for (dwAcl_i = 0; dwAcl_i < asiAclSize.AceCount; dwAcl_i++) {
  433. if (!GetAce(paclACL, dwAcl_i, (LPVOID *) &paaAllowedAce)) {
  434. (g_LogEvent)(ResourceHandle,
  435. LOG_INFORMATION,
  436. L" SmbExamineACL() - GetAce failed.\n");
  437. return FALSE;
  438. }
  440. (g_LogEvent)(ResourceHandle,
  441. LOG_INFORMATION,
  442. L" ACE %1!d! size %2!d!\n", dwAcl_i, paaAllowedAce->Header.AceSize);
  444. {
  445. char szBuf [128];
  447. wsprintfA(szBuf, " ACE %d ", dwAcl_i);
  448. SmbExamineSid(ResourceHandle, &(paaAllowedAce->SidStart), szBuf );
  449. }
  451. {
  452. DWORD dwAceFlags = paaAllowedAce->Header.AceFlags;
  454. (g_LogEvent)(ResourceHandle,
  455. LOG_INFORMATION,
  456. L" ACE %1!d! flags 0x%2!.2x!\n", dwAcl_i, dwAceFlags);
  458. if (dwAceFlags) {
  459. DWORD dwExtraBits;
  461. if ((dwAceFlags & OBJECT_INHERIT_ACE) == OBJECT_INHERIT_ACE) {
  462. (g_LogEvent)(ResourceHandle,
  463. LOG_INFORMATION,
  464. L" 0x01 OBJECT_INHERIT_ACE\n");
  465. }
  467. if ((dwAceFlags & CONTAINER_INHERIT_ACE) == CONTAINER_INHERIT_ACE) {
  468. (g_LogEvent)(ResourceHandle,
  469. LOG_INFORMATION,
  470. L" 0x02 CONTAINER_INHERIT_ACE\n");
  471. }
  473. if ((dwAceFlags & NO_PROPAGATE_INHERIT_ACE) == NO_PROPAGATE_INHERIT_ACE) {
  474. (g_LogEvent)(ResourceHandle,
  475. LOG_INFORMATION,
  476. L" 0x04 NO_PROPAGATE_INHERIT_ACE\n");
  477. }
  479. if ((dwAceFlags & INHERIT_ONLY_ACE) == INHERIT_ONLY_ACE) {
  480. (g_LogEvent)(ResourceHandle,
  481. LOG_INFORMATION,
  482. L" 0x08 INHERIT_ONLY_ACE\n");
  483. }
  485. if ((dwAceFlags & VALID_INHERIT_FLAGS) == VALID_INHERIT_FLAGS) {
  486. (g_LogEvent)(ResourceHandle,
  487. LOG_INFORMATION,
  488. L" 0x0F VALID_INHERIT_FLAGS\n");
  489. }
  491. if ((dwAceFlags & SUCCESSFUL_ACCESS_ACE_FLAG) == SUCCESSFUL_ACCESS_ACE_FLAG) {
  492. (g_LogEvent)(ResourceHandle,
  493. LOG_INFORMATION,
  494. L" 0x40 SUCCESSFUL_ACCESS_ACE_FLAG\n");
  495. }
  497. if ((dwAceFlags & FAILED_ACCESS_ACE_FLAG) == FAILED_ACCESS_ACE_FLAG) {
  498. (g_LogEvent)(ResourceHandle,
  499. LOG_INFORMATION,
  500. L" 0x80 FAILED_ACCESS_ACE_FLAG\n");
  501. }
  503. dwExtraBits = dwAceFlags & (~(OBJECT_INHERIT_ACE
  504. | CONTAINER_INHERIT_ACE
  505. | NO_PROPAGATE_INHERIT_ACE
  506. | INHERIT_ONLY_ACE
  507. | VALID_INHERIT_FLAGS
  508. | SUCCESSFUL_ACCESS_ACE_FLAG
  509. | FAILED_ACCESS_ACE_FLAG));
  510. if (dwExtraBits) {
  511. (g_LogEvent)(ResourceHandle,
  512. LOG_INFORMATION,
  513. L" Extra AceFlag bits == 0x%1!.8x! <-This is a problem, should be all 0s\n",
  514. dwExtraBits);
  515. }
  516. }
  517. }
  519. switch (paaAllowedAce->Header.AceType) {
  520. case ACCESS_ALLOWED_ACE_TYPE:
  521. (g_LogEvent)(ResourceHandle,
  522. LOG_INFORMATION,
  523. L" ACE %1!d! is an ACCESS_ALLOWED_ACE_TYPE\n", dwAcl_i);
  524. break;
  525. case ACCESS_DENIED_ACE_TYPE:
  526. (g_LogEvent)(ResourceHandle,
  527. LOG_INFORMATION,
  528. L" ACE %1!d! is an ACCESS_DENIED_ACE_TYPE\n", dwAcl_i);
  529. break;
  530. case SYSTEM_AUDIT_ACE_TYPE:
  531. (g_LogEvent)(ResourceHandle,
  532. LOG_INFORMATION,
  533. L" ACE %1!d! is a SYSTEM_AUDIT_ACE_TYPE\n", dwAcl_i);
  534. break;
  535. case SYSTEM_ALARM_ACE_TYPE:
  536. (g_LogEvent)(ResourceHandle,
  537. LOG_INFORMATION,
  538. L" ACE %1!d! is a SYSTEM_ALARM_ACE_TYPE\n", dwAcl_i);
  539. break;
  540. default :
  541. (g_LogEvent)(ResourceHandle,
  542. LOG_INFORMATION,
  543. L" ACE %1!d! is an IMPOSSIBLE ACE_TYPE!!! Run debugger, examine value!\n", dwAcl_i);
  544. return FALSE;
  545. }
  547. (g_LogEvent)(ResourceHandle,
  548. LOG_INFORMATION,
  549. L" ACE %1!d! mask == 0x%2!.8x!\n", dwAcl_i, paaAllowedAce->Mask);
  551. SmbExamineMask(ResourceHandle, paaAllowedAce->Mask);
  552. }
  554. return TRUE;
  556. } // *** SmbExamineACL()
  558. BOOL
  559. SmbExamineSD(
  560. RESOURCE_HANDLE ResourceHandle,
  561. PSECURITY_DESCRIPTOR psdSD
  562. )
  564. /*++
  566. Routine Description:
  568. Dump the Security descriptor context.
  570. Arguments:
  572. psdSD - the SD to dump
  574. Return Value:
  576. BOOL, TRUE for success, FALSE for failure
  578. --*/
  580. {
  581. PACL paclDACL;
  582. PACL paclSACL;
  583. BOOL bHasDACL = FALSE;
  584. BOOL bHasSACL = FALSE;
  585. BOOL bDaclDefaulted = FALSE;
  586. BOOL bSaclDefaulted = FALSE;
  587. BOOL bOwnerDefaulted = FALSE;
  588. BOOL bGroupDefaulted = FALSE;
  589. PSID psidOwner;
  590. PSID psidGroup;
  591. SECURITY_DESCRIPTOR_CONTROL sdcSDControl;
  592. DWORD dwSDRevision;
  593. DWORD dwSDLength;
  595. if (!IsValidSecurityDescriptor(psdSD)) {
  596. (g_LogEvent)(ResourceHandle,
  597. LOG_INFORMATION,
  598. L"SmbExamineSD() - IsValidSecurityDescriptor failed.\n");
  599. return FALSE;
  600. }
  602. dwSDLength = GetSecurityDescriptorLength(psdSD);
  604. if (!GetSecurityDescriptorDacl(psdSD, (LPBOOL) &bHasDACL, (PACL *) &paclDACL, (LPBOOL) &bDaclDefaulted)) {
  605. (g_LogEvent)(ResourceHandle,
  606. LOG_INFORMATION,
  607. L"SmbExamineSD() - GetSecurityDescriptorDacl failed.\n");
  608. return FALSE;
  609. }
  611. if (!GetSecurityDescriptorSacl(psdSD, (LPBOOL) &bHasSACL, (PACL *) &paclSACL, (LPBOOL) &bSaclDefaulted)) {
  612. (g_LogEvent)(ResourceHandle,
  613. LOG_INFORMATION,
  614. L"SmbExamineSD() - GetSecurityDescriptorSacl failed.\n");
  615. return FALSE;
  616. }
  618. if (!GetSecurityDescriptorOwner(psdSD, (PSID *)&psidOwner, (LPBOOL)&bOwnerDefaulted)) {
  619. (g_LogEvent)(ResourceHandle,
  620. LOG_INFORMATION,
  621. L"SmbExamineSD() - GetSecurityDescriptorOwner failed.\n");
  622. return FALSE;
  623. }
  625. if (!GetSecurityDescriptorGroup(psdSD, (PSID *) &psidGroup, (LPBOOL) &bGroupDefaulted)) {
  626. (g_LogEvent)(ResourceHandle,
  627. LOG_INFORMATION,
  628. L"SmbExamineSD() - GetSecurityDescriptorGroup failed.\n");
  629. return FALSE;
  630. }
  632. if (!GetSecurityDescriptorControl(
  633. psdSD,
  634. (PSECURITY_DESCRIPTOR_CONTROL) &sdcSDControl,
  635. (LPDWORD) &dwSDRevision))
  636. {
  637. (g_LogEvent)(ResourceHandle,
  638. LOG_INFORMATION,
  639. L"SmbExamineSD() - GetSecurityDescriptorControl failed.\n");
  640. return FALSE;
  641. }
  643. switch (dwSDRevision) {
  644. case SECURITY_DESCRIPTOR_REVISION1:
  645. (g_LogEvent)(ResourceHandle,
  646. LOG_INFORMATION,
  647. L"SD is valid. SD is %1!d! bytes long. SD revision is "
  648. L"%2!d! == SECURITY_DESCRIPTOR_REVISION1\n",
  649. dwSDLength, dwSDRevision);
  650. break;
  652. default :
  653. (g_LogEvent)(ResourceHandle,
  654. LOG_INFORMATION,
  655. L"SD is valid. SD is %1!d! bytes long. SD revision is "
  656. L"%2!d! == ! SD Revision is an IMPOSSIBLE SD revision!!! "
  657. L"Perhaps a new revision was added...\n",
  658. dwSDLength,
  659. dwSDRevision);
  660. return FALSE;
  661. }
  663. if (SE_SELF_RELATIVE & sdcSDControl) {
  664. (g_LogEvent)(ResourceHandle,
  665. LOG_INFORMATION,
  666. L"SD is in self-relative format (all SDs returned by the system are)\n");
  667. }
  669. if (NULL == psidOwner) {
  670. (g_LogEvent)(ResourceHandle,
  671. LOG_INFORMATION,
  672. L"SD's Owner is NULL, so SE_OWNER_DEFAULTED is ignored\n");
  673. }
  674. else {
  675. (g_LogEvent)(ResourceHandle,
  676. LOG_INFORMATION,
  677. L"SD's Owner is Not NULL\n");
  679. if (bOwnerDefaulted) {
  680. (g_LogEvent)(ResourceHandle,
  681. LOG_INFORMATION,
  682. L"SD's Owner-Defaulted flag is TRUE\n");
  683. }
  684. else {
  685. (g_LogEvent)(ResourceHandle,
  686. LOG_INFORMATION,
  687. L"SD's Owner-Defaulted flag is FALSE\n");
  688. }
  689. }
  691. // **************************************************************************
  692. // *
  693. // * The other use for psidGroup is for Macintosh client support
  694. // *
  695. // **************************************************************************
  697. if (NULL == psidGroup) {
  698. (g_LogEvent)(ResourceHandle,
  699. LOG_INFORMATION,
  700. L"SD's Group is NULL, so SE_GROUP_DEFAULTED is ignored. SD's Group "
  701. L"being NULL is typical, GROUP in SD(s) is mainly for POSIX compliance\n");
  702. }
  703. else {
  704. if (bGroupDefaulted) {
  705. (g_LogEvent)(ResourceHandle,
  706. LOG_INFORMATION,
  707. L"SD's Group-Defaulted flag is TRUE\n");
  708. }
  709. else {
  710. (g_LogEvent)(ResourceHandle,
  711. LOG_INFORMATION,
  712. L"SD's Group-Defaulted flag is FALSE\n");
  713. }
  714. }
  716. if (SE_DACL_PRESENT & sdcSDControl) {
  717. (g_LogEvent)(ResourceHandle,
  718. LOG_INFORMATION,
  719. L"SD's DACL is Present\n");
  721. if (bDaclDefaulted) {
  722. (g_LogEvent)(ResourceHandle,
  723. LOG_INFORMATION,
  724. L"SD's DACL-Defaulted flag is TRUE\n");
  725. } else {
  726. (g_LogEvent)(ResourceHandle,
  727. LOG_INFORMATION,
  728. L"SD's DACL-Defaulted flag is FALSE\n");
  729. }
  731. if (NULL == paclDACL) {
  732. (g_LogEvent)(ResourceHandle,
  733. LOG_INFORMATION,
  734. L"SD has a NULL DACL explicitly specified (allows all access to Everyone). "
  735. L"This does not apply to this SD, but for comparison, a non-NULL DACL pointer "
  736. L"to a 0-length ACL allows no access to anyone\n");
  737. }
  738. else if(!SmbExamineACL(ResourceHandle, paclDACL)) {
  739. (g_LogEvent)(ResourceHandle,
  740. LOG_INFORMATION,
  741. L"SmbExamineSD() - SmbExamineACL failed.\n");
  742. }
  743. }
  744. else {
  745. (g_LogEvent)(ResourceHandle,
  746. LOG_INFORMATION,
  747. L"SD's DACL is Not Present, so SE_DACL_DEFAULTED is ignored. SD has no "
  748. L"DACL at all (allows all access to Everyone)\n");
  749. }
  751. if (SE_SACL_PRESENT & sdcSDControl) {
  752. (g_LogEvent)(ResourceHandle,
  753. LOG_INFORMATION,
  754. L"SD's SACL is Present\n");
  756. if (bSaclDefaulted) {
  757. (g_LogEvent)(ResourceHandle,
  758. LOG_INFORMATION,
  759. L"SD's SACL-Defaulted flag is TRUE\n");
  760. }
  761. else {
  762. (g_LogEvent)(ResourceHandle,
  763. LOG_INFORMATION,
  764. L"SD's SACL-Defaulted flag is FALSE\n");
  765. }
  767. if (NULL == paclSACL) {
  768. (g_LogEvent)(ResourceHandle,
  769. LOG_INFORMATION,
  770. L"SD has a NULL SACL explicitly specified\n");
  771. }
  772. else if (!SmbExamineACL(ResourceHandle, paclSACL)) {
  773. (g_LogEvent)(ResourceHandle,
  774. LOG_INFORMATION,
  775. L"SmbExamineSD() - SmbExamineACL failed.\n");
  776. }
  777. }
  778. else {
  779. (g_LogEvent)(ResourceHandle,
  780. LOG_INFORMATION,
  781. L"SD's SACL is Not Present, so SE_SACL_DEFAULTED is ignored. SD has no "
  782. L"SACL at all (or we did not request to see it)\n");
  783. }
  785. return TRUE;
  787. } // *** SmbExamineSD()